1.3 Analyze AndroidManifest.xml
1.3.1 RETRIEVE MANIFEST ONLY
(already covered if you have properly decompiled the app)
or
within drozer-shell ("dr>"):
CREATE BACKUP
full backup:
single app backup:
decode unencrypted backup:
(for the command above) check if encrypted: if you see "none" --> not encrypted
or
extract it:
1.3.2 INFO
APPLICATION
Version & Requirements:
<uses-sdk android:minSdkVersion="23" android:targetSdkVersion="28"/>
Existing activities:
<activity android:name="com.x.x.x....MainActivity" ... >
Used Services:
<service android:name="com.x.x.x....SampleService" ... >
find class which interacts with external resources and databases
PERMISSIONS
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
DEBUG APPLICATION
Debugging running apps or processes with GDB
1.3.3 THINGS TO REPORT
Wrong version/requirements specified
android:allowBackup = TRUE
android:debuggable = TRUE
andorid:exported= TRUE or not set at all (within <provider>-Tag) --> allows external app to access data
android.permission.WRITE_EXTERNAL_STORAGE / READ_EXTERNAL_STORAGE (ONLY IF sensitive data was stored/read externally)
improper use of permissions:
e.g. the app opens a website in external browser (not in-app), however requires "android.permission.INTERNET" --> false usage of permissions (over-privileged)
"android:protectionLevel" was not set properly (<permission android:name="my_custom_permission_name" android:protectionLevel="signature"/>)
missing android:permission (permission tags limit exposure to other apps)
1.3.4 MORE DETAILS
Last updated